A weakness in the network that enables mobile phone calls means hackers can listen in on any call and find the location of users, and researchers are unclear about how much the vulnerability has already been used.
The flaws make use of a vulnerability in SS7, the global network that allows companies to send calls, texts and other services to each other, reports the Washington Post.
The flaws are actually functions that are supposed to be used for other purposes, like keeping calls connected as users as they drive down motorways, that hackers re-purposes to allow access to the calls themselves.
Using the vulnerabilities can give hackers access to callers locations and phone calls.
SS7, despite being still key to mobile phone’s functioning, was built in the 1980s and is still riddled with serious vulnerabilities. But because it is the foundation of mobile phone systems, even as company invest billions of pounds into new security and encryption techniques the problems will continue to exist.
The network is used worldwide meaning that hackers do not even need to be anywhere near users’ phones to break into them.
They will be reported at a hacker conference in Hamburg later this month. That will mark the first time that the vulnerability will be revealed to the public, but the vulnerability is likely to have been exploited already.